Provides utilities for securing passwords and handling user sessions.
flask_app_security
Created by William Burriss
Dependencies
- joserfc
- password_utils -
module: flask_app_security.password_utils
secure_password
(function) def secure_password(password: str) -> Secured_Password
Secures a password by generating a random "salt" string and then hashing the password+salt. This is done to prevent duplicate passwords from having the same hash. A login_token is also generated. The login_token should be stored !!SECURELY!! on the client side so that the user can be remembered.
Example:
from flask_app_security.password_utils import secure_password
password = "my_password"
secured_password_string = secure_password(password).to_string()
validate_password
(function) def validate_password(
password: str,
_secured_password: Any
) -> (bool | Any)
Takes a plain-text password and a Secured_Password and returns whether the password is correct.
Note: the Secured_Password can either be an instance of Secured_Password OR it can be the string returned from Secured_Password's to_string() method
Example:
from flask_app_security.password_utils import secure_password, validate_password
secured_password = secure_password("password")
string = secured_password.to_string()
validate_password("password", secured_password) # True
validate_password("password", string) # True
validate_password("password wrong", secured_password) # False
validate_password("password wrong", string) # False
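The salt-then-hash scheme described for secure_password and validate_password, sketched with the Python standard library as an added example (not flask_app_security's own code). PBKDF2-HMAC-SHA256, the iteration count, the salt$hash record layout and the names hash_password and check_password are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed work factor for this sketch; not taken from flask_app_security.
ITERATIONS = 600_000


def _derive(password: str, salt: bytes) -> bytes:
    # A deliberately slow KDF makes each offline guess expensive.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def hash_password(password: str) -> str:
    """Return a storable 'salt$hash' record built with a fresh random salt."""
    salt = secrets.token_bytes(16)  # new salt per call, so equal passwords differ
    parts = (salt, _derive(password, salt))
    return "$".join(base64.b64encode(p).decode("ascii") for p in parts)


def check_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        salt_b64, digest_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False  # malformed record: reject instead of raising
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(_derive(password, salt), expected)


if __name__ == "__main__":
    first = hash_password("my_password")
    second = hash_password("my_password")
    print(first != second)                            # same password, different records
    print(check_password("my_password", first))
    print(check_password("password wrong", first))
```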
validate_login_token
(function) def validate_login_token(
login_token: str,
_secured_password: Any
) -> (bool | Any)
Takes a plain login_token and a Secured_Password and returns whether the login_token is correct.
Note: the Secured_Password can either be an instance of Secured_Password OR it can be the string returned from Secured_Password's to_string() method
Example:
from flask_app_security.password_utils import secure_password, validate_login_token
secured_password = secure_password("password")
token = secured_password.login_token
string = secured_password.to_string()
validate_login_token(token, secured_password) # True
validate_login_token(token, string) # True
validate_login_token("invalid token", secured_password) # False
validate_login_token("invalid token", string) # False
Secured_Password
(class) Secured_Password
(method) def __init__(self: Self@Secured_Password, password_hash: Any, salt: Any, login_token: Any) -> None
Constructor
(method) def to_string(self: Self@Secured_Password) -> str
Creates a string that can be stored in a database. This string can later be used to create another instance of Secured_Password using its static from_string() method.
(staticmethod) def from_string(string: str) -> Secured_Password
Creates a Secured_Password instance from a string. Used to convert the string returned by this class' to_string() method back into a Secured_Password.
- session_utils -
module: flask_app_security.session_utils
encode_dict
(function) def encode_dict(
d: dict,
secret_key: str,
valid_time_ms: float = -1
) -> str
Encodes a Python dictionary using the provided secret key. Takes an optional parameter for creating a timed encode, meaning the encoded dict will have an expiration. This is done by passing the time in ms as the third parameter. If no third parameter or -1 is passed, no time will be set and the encoded dict will not expire.
Example:
from flask_app_security.session_utils import encode_dict
secret_key = "my_secret_key"
test_dict = {
"username": "my_username",
"email": "myemail@test.com",
"user_id": 123456789
}
encoded_dict = encode_dict(test_dict, secret_key)
valid_until = 10 * 1000 # 10 seconds (as ms)
encoded_dict_timed = encode_dict(test_dict, secret_key, valid_until)
decode_dict
(function) def decode_dict(
string: str,
secret_key: str
) -> dict
Decodes an encoded dict. Works with both timed and non-timed encodes. Returns None if expired or if an invalid secret_key is given.
Example:
import time
from flask_app_security.session_utils import encode_dict, decode_dict
secret_key = "my_secret_key"
test_dict = {
    "username": "my_username",
    "email": "myemail@test.com",
    "user_id": 123456789
}
t = 2 * 1000 # 2 seconds (as ms)
encoded_dict = encode_dict(test_dict, secret_key, t)
decoded_dict = decode_dict(encoded_dict, secret_key) # {"username": "my_username", "email": "myemail@test.com", "user_id": 123456789}
decoded_dict = decode_dict(encoded_dict, "incorrect_secret_key") # None
time.sleep(2.1) # sleeps for 2.1 seconds, so that the encoded dict will have expired
decoded_dict = decode_dict(encoded_dict, secret_key) # None
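An added standard-library sketch of the behaviour documented for encode_dict and decode_dict (an optional expiry, None on a wrong key or an expired token); it is not the package's code, which depends on joserfc. The HMAC-SHA256 token layout, the names sign_dict and verify_dict and the injectable now clock are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time


def _sign(body: bytes, secret_key: str) -> bytes:
    return hmac.new(secret_key.encode("utf-8"), body, hashlib.sha256).digest()


def sign_dict(d: dict, secret_key: str, valid_time_ms: float = -1, now=time.time) -> str:
    """Serialize d with an optional expiry and append an HMAC-SHA256 tag."""
    expires = None if valid_time_ms < 0 else now() + valid_time_ms / 1000
    body = json.dumps({"data": d, "exp": expires}, separators=(",", ":")).encode("utf-8")
    # In this sketch the body is authenticated, not encrypted: anyone holding
    # the token can read it, so secrets do not belong in it.
    parts = (body, _sign(body, secret_key))
    return ".".join(base64.urlsafe_b64encode(p).decode("ascii") for p in parts)


def verify_dict(token: str, secret_key: str, now=time.time):
    """Return the dict, or None if the format, tag or expiry check fails."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return None
    # Authenticate first: nothing in the body is trusted until the tag matches.
    if not hmac.compare_digest(tag, _sign(body, secret_key)):
        return None
    payload = json.loads(body)
    # The expiry sits inside the signed body, so a client cannot extend it.
    if payload["exp"] is not None and now() >= payload["exp"]:
        return None
    return payload["data"]


if __name__ == "__main__":
    session = {"username": "my_username", "user_id": 123456789}  # constructed sample
    token = sign_dict(session, "my_secret_key", 2 * 1000)
    print(verify_dict(token, "my_secret_key"))
    print(verify_dict(token, "incorrect_secret_key"))
```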
File details
Details for the file flask_app_security-0.0.5.tar.gz.
File metadata
- Download URL: flask_app_security-0.0.5.tar.gz
- Size: 5.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.7
File details
Details for the file flask_app_security-0.0.5-py3-none-any.whl.
File metadata
- Download URL: flask_app_security-0.0.5-py3-none-any.whl
- Size: 6.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.7